At 2:24 PM -0800 11/7/96, Peter Hendrickson wrote:
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released.
The reasons underlying this are what I don't completely understand.
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Use of strong crypto would be a tip off that one is a terrorist.
If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects.
* Identification of high-entropy traffic (putatively: encrypted traffic) would require extensive surveillance, tapping, and whatnot. The infrastructure for this does not exist, and would cost an enormous amount to deploy. * (This is why so many of us want a crackdown on crypto delayed for as long as possible: every year that passes means more networks, more intranets, more channels, more modes, etc. Satellites, fibers, etc.) * High-entropy traffic does not mean encryption, either. And encrypted traffic can be twiddled to look like lower-entropy traffic (and I don't even mean steganography, I mean adjusting message statistics). * Once crypto has become widespread, and is built into mailers, browsers, etc., there will be many people already using those old mailers and browsers. Throwing Mom and Pop in jail because they forgot to turn off the PGP mode in Eudora 4.0 or Netscape 5.0 is not going to go over well, even in an era of supposed "zero-tolerance." (And California and Arizona just voted to effectively decriminalize pot..."medical use of encryption" on the 2005 ballot?) * Steganography. Entire volumes can be written about this. I believe I was the first to propose, in a 1988-89 series of articles on sci.crypt, the use of LSBs in image and sound files to transmit huge amounts of information, with detection very difficult. As I told Kevin Kelley--reported in his "Whole Earth Review" article and in his excellent "Out of Control" book--a single DAT tape of a musical recording can easily carry 150-200 MB of "message" just in the LSBs! Unless all tapes are checked at the border--and what are live tapes, with lots of noise in the bottom few bits of each word--to be compared against? The mind boggles at the task. * "Legitimate needs." The whole notion Peter raises of banning cryptography is fraught with problems. Are businesses to be told that all communications are to be in the clear? Or is Peter's point that some form of GAK will be used? (If the latter, then of course we are back to an even better form of "stego" than stego itself: superencrypt before using GAK. Unless the government samples packets randomly and does what they say they will do to open a GAKked packet--e.g., get a court order, go to the escrow key holders, etc.--then how will they know if a message is superencrypted? And what if a GAKked message contains conventional _codes_? Are shorthand codes such as business have long used--"The rain in Rome is warm this month"--to be illegal?) * The point being that "rogue crypto" (terrorists, crypto anarchists, freedom fighters) gets lost on the blizzard of other uses. And shutting down all crypto means shutting down business use of crypto to protect secrets, and probably means an end to digital commerce. (This is another reason we want to delay action on crypto for as long as possible: make encrypted communications so widespread in commerce that to pull the plug would mean a financial calamity.) * Intent. It's hard to imagine someone being imprisoned for using cryptography, except perhaps in wartime conditions. I may be wrong. Also, there are deep Constitutional issues we haven't been much discussing. * Offshore sites. Even if U.S. citizen-units are proscribed from using crypto--a hard thing to do--many crypto-anarchic markets will flourish overseas. (If communication with offshore persons or sites is allowed, all sorts of things can be done. If such communication is banned, this means a profound change in the American system.) [I have not fleshed out the arguments here, adequately, so don't focus on this point to rebut the rest of my arguments, please.] In another post, Peter posits a condition where people are appalled at the implications of crypto and there is no popular support for it. But is he implyiung that neighbors will burst into the homes of others to ferret out crypto. I doubt this vigilantism will ever happen. (My gun example is apropos. I believe we are fast approaching a point where most people want guns outlawed. But it won't happen, as there are not enough cops and military people willing to raid private homes in contravention of the Bill of Rights and at personal risk to themselves....and so it won't happen. Once crypto is deeply intertwined into the fabric of life and commerce, it'll be too late to pull the plug. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."